OpenSSL Patches High-Severity Stack Buffer Overflow and Eleven Additional Vulnerabilities
The OpenSSL project has released a sweeping security update addressing twelve vulnerabilities across the widely used cryptographic library, including a high-severity stack buffer overflow that could potentially enable remote code execution on vulnerable systems.
The headline flaw, tracked as CVE-2025-15467, affects CMS AuthEnvelopedData parsing and carries high severity. Organizations running OpenSSL versions 3.0 through 3.6 should upgrade immediately to patched releases.
Critical Stack Buffer Overflow in CMS Parsing
The most severe vulnerability involves a stack buffer overflow when parsing CMS AuthEnvelopedData messages that use AEAD ciphers such as AES-GCM. When processing these structures, the initialization vector encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination.
An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Because the overflow happens prior to authentication, no valid key material is required to trigger it.
Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers are vulnerable, including S/MIME AuthEnvelopedData with AES-GCM. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.
PKCS#12 Buffer Overflow May Enable Code Execution
A second significant vulnerability, CVE-2025-11187, affects PKCS#12 MAC verification. Missing validation of PBMAC1 parameters can trigger a stack-based buffer overflow, invalid pointer dereference, or NULL pointer dereference during MAC verification.
When verifying PKCS#12 files that use PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters are used without validation. If the keylength value exceeds the 64-byte fixed stack buffer that holds the derived key, key derivation writes past the end of the buffer by an attacker-controlled amount. This vulnerability was assessed as moderate severity because it requires processing maliciously crafted PKCS#12 files, which typically contain trusted private keys.
Additional Vulnerabilities Addressed
The security update addresses ten additional flaws ranging from low to moderate severity affecting various OpenSSL components.
CVE-2025-15468 is a NULL dereference in the SSL_CIPHER_find function that affects QUIC protocol implementations when receiving unknown cipher suites, causing denial of service.
CVE-2025-15469 involves the openssl dgst command-line tool silently truncating inputs larger than 16MB when using one-shot signing algorithms like Ed25519, Ed448, or ML-DSA, creating an integrity gap where trailing bytes can be modified without detection.
CVE-2025-66199 affects TLS 1.3 certificate compression, allowing attackers to force per-connection memory allocations of up to 22MB, potentially causing denial of service through resource exhaustion.
CVE-2025-68160 is a heap out-of-bounds write in the BIO line-buffering filter when the next BIO performs short writes, potentially causing memory corruption and crashes.
CVE-2025-69418 leaves trailing bytes unencrypted and unauthenticated when using low-level OCB API functions with non-block-aligned inputs on hardware-accelerated builds.
CVE-2025-69419 triggers a one-byte write before the start of an allocated buffer when calling PKCS12_get_friendlyname on malformed PKCS#12 files containing non-ASCII BMP code points.
CVE-2025-69420 causes invalid or NULL pointer dereference when verifying malformed TimeStamp Response files.
CVE-2025-69421 triggers NULL pointer dereference in PKCS12_item_decrypt_d2i_ex when processing malformed PKCS#12 files.
CVE-2026-22795 causes an invalid pointer read through type confusion in PKCS#12 parsing.
CVE-2026-22796 affects signature verification of signed PKCS#7 data through type confusion in the PKCS7_digest_from_attributes function.
Affected Versions and Patches
The high-severity CMS parsing vulnerability affects OpenSSL versions 3.0, 3.3, 3.4, 3.5, and 3.6. OpenSSL 1.1.1 and 1.0.2 are not affected by this specific issue.
Organizations should upgrade to the following patched versions: OpenSSL 3.6.1, 3.5.5, 3.4.4, 3.3.6, or 3.0.19 depending on their current deployment. OpenSSL 1.1.1 and 1.0.2 users requiring fixes for applicable lower-severity issues should upgrade to 1.1.1ze or 1.0.2zn respectively, available to premium support customers only.
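A practical first step in triage is to compare the version string each host reports against the patched releases listed above. The following Python check is an added example, not part of the advisory or OpenSSL's own code: the series-to-patch mapping comes from the advisory text, while the parsing of `openssl version` output, the ordering of 1.x letter suffixes, and the handling of 3.x series the advisory does not name (flagged for manual review rather than assumed safe) are assumptions of this example.

```python
"""Compare a local OpenSSL version string against the patched releases named above.

Added example, not OpenSSL project code. The series/patch mapping below is
taken from the advisory text; the parsing of `openssl version` output, the
ordering of 1.x letter suffixes, and the handling of series the advisory
does not name (flagged for manual review) are assumptions of this example.
"""
import re
import subprocess

# Patched 3.x releases per series, as listed in the advisory.
PATCHED_3X = {
    (3, 0): (3, 0, 19),
    (3, 3): (3, 3, 6),
    (3, 4): (3, 4, 4),
    (3, 5): (3, 5, 5),
    (3, 6): (3, 6, 1),
}

# Premium-support-only releases carrying the applicable lower-severity fixes.
PATCHED_LEGACY = {
    "1.1.1": "ze",
    "1.0.2": "zn",
}

_VER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return (major, minor, patch, letters) from `openssl version` output."""
    m = _VER_RE.search(text)
    if not m:
        raise ValueError("unrecognised OpenSSL version string: %r" % text)
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def letters_at_least(have, want):
    """Order 1.x letter suffixes: '' < 'a' < ... < 'z' < 'za' < 'zb' < ..."""
    return (len(have), have) >= (len(want), want)


def assess(text):
    """Return 'ok', an 'upgrade to ...' instruction, or a 'review: ...' note."""
    major, minor, patch, letters = parse_version(text)
    if major == 3:
        target = PATCHED_3X.get((major, minor))
        if target is None:
            # Assumption: a 3.x series with no fix named in the advisory needs a human look.
            return "review: 3.%d series has no patched release listed in the advisory" % minor
        if (major, minor, patch) >= target:
            return "ok"
        return "upgrade to %d.%d.%d" % target
    if major == 1:
        series = "%d.%d.%d" % (major, minor, patch)
        want = PATCHED_LEGACY.get(series)
        if want is None:
            return "review: %s is not covered by the advisory" % series
        if letters_at_least(letters, want):
            return "ok"
        return "upgrade to %s%s (premium support) for the applicable lower-severity fixes" % (series, want)
    return "review: unknown major version %d" % major


def installed_version():
    """Ask the local openssl binary; callers handle a missing binary."""
    out = subprocess.run(["openssl", "version"], capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    try:
        print(assess(installed_version()))
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print("could not run openssl:", exc)
```

Treat the result as a first pass only: distribution packages frequently backport security fixes without changing the upstream version string, so a host reporting 3.0.13 may already carry the fix under its package version, and applications that statically link or bundle their own libcrypto will not be reflected by the system binary at all.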
FIPS modules across all affected versions are not impacted by these vulnerabilities because the affected implementations fall outside the FIPS module boundary.
Given OpenSSL's foundational role in securing internet communications, organizations should prioritize applying these updates to systems processing untrusted CMS, PKCS#7, or PKCS#12 content.